Cybersecurity researchers at Kaspersky have discovered a new Windows-based spyware called “Dante,” which they say has been used to target victims in Russia and Belarus. The malware was identified as the work of Memento Labs, an Italian surveillance technology company that emerged in 2019 following the acquisition and rebranding of the notorious spyware maker Hacking Team.
Memento Labs CEO Paolo Lezzi confirmed to TechCrunch that the spyware detected by Kaspersky belongs to Memento, acknowledging that one of the company’s government clients was responsible for the exposure. “Clearly they used an agent that was already dead,” Lezzi said, referring to the outdated version of the spyware used in the campaign. He added, “I thought [the government customer] didn’t even use it anymore.”
Lezzi stated that Memento had already asked all customers to stop using its Windows spyware, after learning that Kaspersky had detected Dante infections since December 2024. He said the company now focuses solely on mobile surveillance tools and occasionally develops or acquires zero-day exploits — undisclosed software vulnerabilities that enable spyware delivery.
Kaspersky’s report attributes the espionage campaign to a group it calls “ForumTroll,” which allegedly targeted individuals through fake invites to the Russian politics and economics event “Primakov Readings.” Victims included media organizations, universities, and government agencies across Russia. Kaspersky spokesperson Mai Al Akka said the campaign appeared to be backed by a government actor, noting, “The group stands out for its strong command of Russian and knowledge of local nuances… However, occasional errors suggest that the attackers were not native speakers.”
Researchers also found traces of the word “DANTEMARKER” embedded in the spyware’s code — a unique clue linking the malware to Memento, which had publicly mentioned the Dante platform at a surveillance conference.
Memento Labs is the successor to Hacking Team, the Milan-based spyware firm that collapsed after a massive 2015 hack by Phineas Fisher, which leaked 400 GB of internal data revealing its sales to governments accused of human rights abuses. Lezzi acquired the remnants of Hacking Team for one euro in 2019, promising to rebuild the company “from scratch.”
Commenting on the findings, John Scott-Railton of the University of Toronto’s Citizen Lab said the discovery proves how easily such technology resurfaces. “It tells us that we need to keep up the fear of consequences,” he told TechCrunch. “It says a lot that echoes of the most radioactive, embarrassed, and hacked brand are still around.”
